Security

Everything around IT security — vulnerability disclosures, hardening guides, malware and antivirus, intrusion detection, and the occasional reverse-engineering deep dive. Security is one of Fleximus’ core competences, so this is where most of the action happens.

  

The PCI DSS is a worldwide security standard assembled by the PCI SSC . The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. The PCI DSS was created to minimize and prevent credit card fraud in any organization that processes credit card payments. If your company holds, processes or passes credit card information then you need to follow this security standard.

Read more

  
The first antivirus program for Mac OS X came from Sophos. Other vendors waited until the Mac got more attention, not only to users but also to malware authors. These beautiful computer systems are nowadays not only used by graphic designers but also by developers, administrators and CEOs. Everyone who wants a beautiful computer and/or operating systems. No doubt it is the sexiest UNIX system. Now the antivirus suites for Mac OS X from other vendors are popping up.

Read more

  
The Mozilla Security Blog has an article A Glimpse Into the Future of Browser Security that the CSF feature is now available in preview builds of Firefox. Content Security Policy is intentended to mitigate against the web application vulnerabilites XSS and CSRF which increased considerabely over the last few years. Grab a preview build of Firefox from the download page and help testing this new feature. The demo page has currently 11 individual tests if your browser supports CSP (showing PASS) or not (showing FAIL).

Read more

  
OpenEAV, the free and open antivirus system for the enterprise is watching out for a talented and experienced C++/QT programmer with good knowledge of the STL and the Boost library. The client gui needs to be designed, implemented and must fit well around OpenEAV’s core api. Everyone who feels to be interested in helping out should not hesitate to contact me. The OpenEAV project is hosted on Google Code In additional news, the project now has it’s own development list OpenEAV-devel.

Read more

  
Symantec reports that most of their av products have a security issue in conjunction with prepared archive files. These could bypass the virus scanner because the file format is not correct but the operating system is still able to etract the files. Also Frisk (F-Prot), Norman and Ikarus published updates to similar problems in their products. Kaspersky silently deployed updates to a parsing bug that prevented to identify pdf files if the magic string %PDF was missing.

Read more